Disneyland had a huge 2025 when it kicked off its 70th anniversary. This year, we’ll see the original Disney theme park continue to celebrate the milestone — all while building three new rides at California Adventure and a whole new Disneyland entrance and Avatar area.
Over at Walt Disney World in Florida, four new lands are being built right now, themed around villains, Pixar characters and more.
Here’s everything you need to know about Disneyland, Disney World and Disney Cruise Line in 2026 and beyond.
Concept art of the Bluey show coming to Disneyland in 2026.
Spring break saw a new character move into Disneyland, with Bluey and family now hosting a stage show and themed area. Debuting on Sunday, March 22, Bluey’s Best Day Ever is located at the Fantasyland Theatre next to Mickey’s Toon Town, and has seen hours-long queues lining up to get inside during its debut week.
The theater has been transformed into Bluey’s school classroom and grounds, including a gnome village and fairy garden. Bluey and her sister, Bingo, will appear several times each day, along with actors and musicians, to “bring to life the popular music and games emblematic of beloved Bluey episodes.” Those games will include Keepy Uppy and the Grannies, as well as appearances by Chattermax and Unicorse.
There are also puzzles, games and photo ops throughout the Bluey area. Disneyland is also serving up Bluey-themed foods at Troubadour Tavern.
The hugely popular Australian cartoon about a family of dogs is a worldwide hit, and Disney is slated to release a Bluey movie in 2027. (In the meantime, you can watch Bluey episodes and minisodes on Disney Plus.)
The second Disney theme park built in Anaheim opened 25 years ago on Feb. 8, 2001. While the look of the park has changed a lot over those years, California Adventure has a few ways it’s celebrating the quarter-century milestone: It’s switching the Soarin’ attraction back to Soarin’ Over California until July 1; dressing Mickey Mouse and Minnie Mouse on Buena Vista Street with new outfits, featuring sun motifs like the one originally on the roller coaster; and offering various special anniversary-themed food items, merchandise and drinks.
At both Disney’s California Adventure and Disney World’s Epcot, the Soarin’ Around the World attraction is getting a US-themed makeover. Soarin’ Across America will arrive on July 2, 2026, and will feature scenes, sounds and scents from more than a dozen cityscapes and scenic areas.
Disney released a trailer starring Patrick Warburton, the original Soarin’ narrator and pilot, in which he says we’ll soon “sail across spacious skies” and may see “amber waves of grain” and “purple mountain majesties.” It’s part of Disney’s celebration of America’s 250th anniversary.
Disneyland is continuing to celebrate its 70th anniversary this year, following its kick-off in May 2025. You’ll have plenty of time to get there as its last day is Aug. 9, 2026 — after which it’ll transition back to Halloween on Aug. 21, then the holidays on Nov. 18, before fully returning to its natural state in early 2027.
While many of the 70th anniversary shows were paused for Halloween and the holidays in 2025, they made a comeback in January, including the Paint the Night parade, Celebrate Happy Cavalcade and the Wondrous Journeys fireworks and projection show on the castle. Mickey and friends are also back in their 70th celebration outfits.
You can catch 70th anniversary-themed merchandise, food and drink items as well as a projection show at Carthay Circle and a 50-foot sculpture of Sleeping Beauty Castle on the esplanade between Disneyland and California Adventure; you can also find decorations sprinkled throughout Downtown Disney, Main Street USA, Disney’s hotels and even inside the Toy Story Midway Mania ride.
Check out the 70th anniversary decorations throughout the Toy Story Midway Mania ride.
California residents can currently get a three-day Park Hopper ticket for $249, a 50% discount. You can visit from now until May 21 using this ticket. After that is a Kids’ Summer Ticket deal, with a one-day Park Hopper ticket costing $50 per child, ages 3 through 9. You can purchase it now and use it between May 22 and Sept. 7.
Disneyland is also adding (and removing) a Magic Key option: The Explore Key will replace the current Enchant Key. All California residents will be able to purchase it — not only Southern California residents. It will allow access on weekdays in June and July, which are currently blocked out for Enchant Key holders.
The Explore Key went on sale last month. It costs $999, with a $99 down payment and 0% APR on repayments for 12 months. Disney said its “full value” can be unlocked in just four visits to the parks, thanks to Park Hopper admission, 25% off parking, Lightning Lane Multi-Passes and 10% off merchandise and dining.
For what Disney World is calling Cool Kids’ Summer, it’s offering two free nights and two free theme park days when you buy a four-night, four-day Disney hotel and ticket package for a visit during May 26 through Sept. 15. You can also save up to 30% on some Disney hotels between May 1 and Oct. 4.
Also part of Cool Kids’ Summer is a free day at a Disney water park (Typhoon Lagoon or Blizzard Beach) on your check-in day when staying at a Disney hotel between May 26 and Sept. 8; and a free dining plan for kids aged 3-9 when you buy a dining package for guests over 10 and a room at a Disney hotel.
While it won’t be ready in time for 2026, construction is well underway for Disney’s first villains-themed area. Villains Land, which will celebrate all the classic baddies from Disney films, is coming to the Magic Kingdom at Disney World in Florida.
Imagineers have been drawing inspiration from architectural structures in Paris and Barcelona — like Gaudí’s buildings in the latter — to design Villains Land, Disney revealed during Destination D23 in August 2025.
Concept art for the new Villains Land.
“Paris is a city full of classic Art Nouveau … natural motifs and swirling designs there make nature appear to be ‘cursed,’ like magic has frozen it into place,” Disney said on its Parks Blog. “Barcelona’s art style is Modernisme, which has less natural patterns but gives the architecture an otherworldly, unnerving appearance.”
Villains Land, first teased during D23 2022, will be positioned on the other side of Big Thunder Mountain at the top left edge of the current Magic Kingdom map and will stretch around to where the Haunted Mansion is.
Two major attractions are planned, along with dining and shopping. Still no word yet on when it’ll open.
Concept art of Tropical Americas.
Animal Kingdom’s DinoLand USA area is no more, with the area on the Disney World map now a blank sea of grass as Disney slowly builds out the new Tropical Americas Land.
Construction began in the fall of 2024, with TriceraTop Spin and the midway area closing down in January 2025. The Dinosaur ride remained open until Feb. 1 this year but has now closed its doors as it’s transformed into a new Indiana Jones ride through a Maya temple (a relatively easy overlay since Disneyland’s Indiana Jones reportedly follows almost exactly the same ride track as Disney World’s Dinosaur).
The Pueblo Esperanza area will be themed like a South American village, with an Encanto-themed attraction, where you get to explore Antonio’s rainforest room inside the Casita, as well as a huge quick-service dining location, a fountain and a carousel.
Tropical Americas is planned to open in 2027.
Piston Peak National Park: the setting for the new Cars-themed land at Magic Kingdom.
The Rivers of America and Tom Sawyer Island at Disney World’s Magic Kingdom have been closed and removed from the online map, as Disney works to construct a new land themed after Pixar’s Cars movies. Cars Land, which was added to Disney’s California Adventure back in 2012, remains extremely popular in the west, so it was only a matter of time before it was added to the eastern outpost.
In an expansion of Frontierland — which also includes Tiana’s Bayou Adventure and Big Thunder Mountain Railroad — Route 66 will feature a look inspired by the Rocky Mountains and the “American Frontier and its national parks.”
The Disney Parks Blog described the new area as “an awe-inspiring wilderness filled with towering trees, snowcapped mountains, breathtaking waterfalls, roaring rivers and impressive geysers.” Disney Imagineers are “using a style of architecture called ‘Parkitecture,’ which was developed by the National Park Service to create structures that harmonize with the natural environment.”
Concept art of the Cars rally race attraction coming to Disney World.
There will be two attractions, one of which is a rally race. Pixar Chief Creative Officer Pete Docter and Imagineer Michael Hundgen spoke about the new ride vehicle for this, and you can see a TikTok of Imagineers testing out off-road vehicles in the Arizona desert to create what the ride will feel like. Each rally car will have its own personality, name and racing number, Docter said.
“These are all things Lightning McQueen and Mater haven’t experienced before, like racing over rocky terrain, ascending to mountain peaks and dodging around geysers — how do you take these real-world elements and put a Cars spin on it?” Disney Parks said in a previous blog post.
While construction has begun and Disney has even released a map showing what the land may look like (geysers shooting water, a running river, an off-road rally track, mountains, a visitor’s lodge, a Ranger HQ and walking trails), we don’t expect Piston Peak to open until at least 2027 or 2028.
Concept art showing an aerial shot of the Avatar-themed area coming to Disneyland Resort.
Disneyland is finally expanding after unveiling plans almost five years ago. The expansion is expected to take a couple of years to complete and will push the park’s current boundaries past Downtown Disney and into the nearby parking lots. It’ll also transform “a portion of the current Hollywood Backlot area,” leading to the closure of the Monsters Inc. attraction permanently in 2027.
The biggest part of the expansion will be adding an Avatar-themed land, based on the second film, The Way of Water, as well as Avatar: Fire and Ash. It will include a dark boat ride much like Pirates of the Caribbean, “taking guests all the way to the wide-open seas of Pandora.”
It follows the success of the world of Pandora, based on the original Avatar film, in Disney World’s Animal Kingdom. Disney has no dates or details yet on when it’ll be complete.
Coming sooner than the Avatar land, however, is a new esplanade entry “experience” to replace the current walkway entry at the east side of Disneyland, as well as a new parking structure and pedestrian bridge over Harbor Boulevard. Construction on this begins in the fall.
Concept art of the new pedestrian bridge that will cross Harbor Boulevard.
It won’t be launching this year, but construction has begun backstage at California Adventure to build a new dark ride. It’ll be themed for the beloved Pixar movie Coco and populated by audio-animatronics.
The Coco ride will be located in the area near Pixar Pier and Paradise Gardens, in what is primarily backstage areas for cast members currently. It’ll have characters and music from the movies as you travel through the land of the dead with Miguel.
Concept art for the new Coco ride.
While the Monsters, Inc. ride is being removed from California Adventure, its animatronics and props are expected to be repurposed in Disney World, as an entire land themed around the Monsters Pixar movies is being built at Hollywood Studios.
Replacing the Muppets area of the theme park, Monstropolis — home of the Monsters, Inc. movies, shorts and Disney Plus streaming series — will feature Disney’s first-ever suspended roller coaster inside the city’s laugh/scream factory.
“The first time I saw Monsters, Inc., all I wanted to do was ride on one of those doors like Mike and Sulley,” Disney Experiences Chair Josh D’Amaro said at D23 in 2024. “Remember in the movie how those claws grab the doors and hoist them up into the air to take them away? We’re doing that too. And you’re going along for the ride.”
Concept art of the Monsters, Inc. suspender coaster.
A TikTok shows the design concept for the Monsters Inc. ride.
MuppetVision 3D closed permanently on June 8, 2025, but we don’t expect Monstropolis to be complete for another year or two.
On the bright side, the Muppets are being moved to the Rock ‘n’ Roller Coaster, and that overlay apparently won’t take long. Rock ‘n’ Roller Coaster Starring Aerosmith had its last day of operation on March 1, and the Muppets-themed version will open in the summer.
“Thanks to new management under legendary Muppets tycoon and owner of The Muppet Theatre, J. P. Grosse, groovy vibes will take over the Rock ‘n’ Roller Coaster Courtyard, including a new psychedelic wrap on the giant guitar marquee,” Disney said in August 2025.
Avengers Campus already has two rides: Spider-Man Web Slingers and Guardians of the Galaxy. Soon, this will double as Disney builds two more Marvel attractions at California Adventure.
“We’re doubling the size of the land with two new attractions,” a structural engineer said in a video posted to Walt Disney Imagineering’s Instagram account on Feb. 26. The engineer showed off how the Avengers Infinity Defense structure is looking now, including its columns, foundations and a catwalk that will “support projectors, speakers and other types of show elements.”
Avengers Infinity Defense will see you assemble alongside the Avengers, battling King Thanos — set in a multiverse — featuring appearances by Black Panther, Ant-Man and Hulk.
Concept art of the Avengers Infinity Defense attraction coming to California Adventure.
Stark Flight Lab, the second ride, will see you help test Tony Stark’s latest tech.
“In Stark Flight Lab, guests will sit in ‘gyro-kinetic pods’ and roll along a track before stopping in front of a giant robot arm,” Disney said. “This robot arm will hoist you into the air where you’ll make several high-speed maneuvers inspired by Iron Man and some other Avengers.”
Construction began in 2025, but no launch dates have been revealed yet.
Disney has been all in on launching cruise ships over the last few years, including the Disney Wish in 2022, the Disney Treasure in 2024 and the Disney Destiny in 2025.
The Disney Adventure is next up in 2026, part of the next four ships embarking soon. The other ship names and destinations have yet to be revealed, but they’ll set sail between 2027 and 2031.
Here’s what else is new and coming soon to the theme parks:
Concept art of the overhauled version of Buzz Lightyear’s Space Ranger Spin, which will have two different colored lasers in each ride vehicle.
Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign.
Users searching for “Claude mac download” may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac.
The campaign was spotted by Berk Albayrak, a security engineer at Trendyol Group, who shared his findings on LinkedIn.
Albayrak identified a Claude.ai shared chat that presents itself as an official “Claude Code on Mac” installation guide, attributed to “Apple Support.”
The chat walks users through opening Terminal and pasting a command, which silently downloads and runs malware on their Mac.
While attempting to verify Albayrak’s findings, BleepingComputer landed on a second shared Claude chat carrying out the same attack through entirely separate infrastructure.
The two chats follow an identical structure and social engineering approach but use different domains and payloads. Both chats were publicly accessible at the time of writing:
The base64 instructions shown in the shared Claude chat download an encoded shell script from domains such as:
The ‘loader.sh’ (served by the second link above) is another set of Gunzip-compressed shell instructions:
This compressed shell script runs entirely in memory, leaving little obvious trace on disk.
BleepingComputer observed the server serving a uniquely obfuscated version of the payload on each request (a technique known as polymorphic delivery), making it harder for security tools to flag the download based on a known hash or signature.
The variant BleepingComputer identified starts by checking whether the machine has Russian or CIS-region keyboard input sources configured. If it does, the script exits without doing anything, sending a quiet cis_blocked status ping to the attacker’s server on its way out. Only machines that pass this check get the next stage:
Before proceeding further, the script also collects the victim’s external IP address, hostname, OS version, and keyboard locale, sending all of it back to the attacker. This kind of victim profiling before payload delivery suggests the operators are being selective about who they target.
The script then pulls down a second-stage payload and runs it through osascript, macOS’s built-in scripting engine. This gives the attacker remote code execution without ever dropping a traditional application or binary.
The variant identified by Albayrak, however, appears to skip the profiling steps. It goes straight to execution.
It harvests browser credentials, cookies, and macOS Keychain contents, packages them up, and exfiltrates them to the attacker’s server. Albayrak identified this as a variant of the MacSync macOS infostealer:
The briskinternet[.]com domain shown above in the variant identified by Albayrak appeared to be down at the time of writing.
Malvertising has become a recurring delivery mechanism for malware.
BleepingComputer has previously reported on similar campaigns targeting users searching for software like GIMP, where a convincing Google ad would list a legitimate-looking domain but take visitors to a lookalike phishing site instead.
This campaign flips that, as there is no fake domain to spot.
Both Google ads seen here point to Anthropic’s real domain, claude.ai, since the attackers are hosting their malicious instructions inside Claude’s own shared chat feature. The destination URL in the ad is genuine.
It is not, however, the first time that attackers have abused AI platform shared chats this way. In December, BleepingComputer reported a similar campaign targeting ChatGPT and Grok users.
Users should navigate directly to claude.ai for downloading the native Claude app, rather than clicking sponsored search results. The legitimate Claude Code CLI is available through Anthropic’s official documentation and does not require pasting commands from a chat interface.
It is good practice to generally treat any instructions asking you to paste terminal commands with caution, regardless of where those instructions appear to come from.
BleepingComputer reached out to Anthropic and Google for comment prior to publishing.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
For years, Uber talked about becoming a super app. Then Waymo started picking up passengers in San Francisco, and the conversation grew more urgent. The company has been trying to embed itself inside the AV industry — as a data provider, an investor, and a distribution platform — but the consumer-facing bet may be just as important.
Two weeks ago, Uber held its annual GO-GET product event in New York and announced something its executives had been circling for a long time: users in the U.S. can now book hotels inside the Uber app, through a partnership with Expedia Group, with access to more than 700,000 properties worldwide. Uber One members — the company’s subscription tier at $9.99 a month — get 20% off a rotating list of 10,000 hotels and 10% back in credits. Vacation rentals through Vrbo will follow later this year, along with restaurant reservations via OpenTable. In the meantime, a “Shop for Me” feature lets users order from stores that aren’t even on the platform.
The announcements, taken together, were the most concrete picture yet of something Uber has been trying to conjure since at least 2019: that an app with 199 million monthly active users could become the app they use for nearly everything.
Praveen Neppalli Naga, Uber’s CTO, offered the clearest explanation of the company’s thinking at TechCrunch’s StrictlyVC event late last month in San Francisco. The super app concept has existed for years in India and Southeast Asia, he noted, but U.S. versions have mostly flopped by bolting services onto traffic rather than building toward a reason to stay.
His answer to what fits? Membership. Every new category — food, groceries, now hotels — gives someone another reason to pay for Uber One. “I take Uber, go to the airport, take a flight, take another Uber, go to a hotel, go to a restaurant,” he said. “There is a flow you can actually build into it.”
Flights are not available yet, though Naga didn’t rule them out. Uber tried flight booking in Europe years ago without success. “First let’s get the hotel things done,” he said. Financial services sound like a possibility too — Uber already offers a debit card to drivers in Mexico — though how far that goes, or when, remains unclear. Said Naga: “Never say never.”
Uber isn’t alone in this race. Airbnb, arguably the company most directly threatened by Uber’s hotel push, announced its own transportation ambitions in late March — a partnership with Welcome Pickups to offer airport transfers in 125 cities across Asia, Europe, and Latin America, structured to keep users inside the Airbnb app rather than sending them to Uber. Meanwhile, Elon Musk has spent three years promising to turn X into an “everything app” in the WeChat mold, and is now nearing what he describes as a long-stated goal: X Money, a banking and payments platform built inside the social network, is expected to launch publicly soon. X claims 500 million monthly active users.
Techcrunch event
San Francisco, CA
|
October 13-15, 2026
The big question is how many super apps the American market will actually support. WeChat works in China partly because the alternative was a patchwork of inferior options. In the U.S., people already have apps they like for most of what Uber wants to do. Getting them to consolidate inside a single platform requires either a compelling reason — Uber One’s discounts, say — or a seamless enough experience that switching feels worth it.
Uber’s bet is that its installed base is the moat. Its users have already handed over a credit card. Convincing them to book a hotel, or order from a store they’d never find on Uber Eats, is an easy lift compared with convincing them to download something new. Its most recent earnings, reported a few days ago, suggest Uber Eats may be the strongest argument for that thesis: delivery revenue grew 34% year over year in the first quarter, to $5.07 billion, making it easily the fastest-growing part of the business and pulling almost even with mobility in gross bookings.
Uber’s stock is still down about 8% from a year ago — suggesting that Wall Street isn’t fully convinced. But the company says that 50 million people are now paying for Uber One, and together they account for roughly half the company’s total bookings.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
From affordable 34-inch LCDs to flagship 45-inch OLEDs, these are the best ultrawide gaming monitors you can buy right now, tested and recommended by us.
It’s a bird, it’s a plane, it’s a six-propeller flying vehicle with a nearly eight-foot wingspan.
For the next year, delivery drones operated by the British company Skyports are taking daily weekday trips across New York City’s East River, between the tip of Manhattan and a pier in Brooklyn. Since early May—a bit behind schedule—the drones have carried light cargo for a New York City health care system. Right now, those loads are basically a few pounds of paper; once the healthcare system is confident the setup works, it should include nonhazardous, non-biological packages, such as light pharmaceuticals.
The drones are part of an experiment run by two New York-New Jersey agencies to discover how a relatively new and sometimes controversial sky-bound delivery tech might fit into a hectic urban environment—and the airspace above it. The pilot program will also try to answer a question that hangs over the entire drone delivery industry: Where does it make sense?
“Will there be enough regular flights (1 to 2 per hour) that the client health care system finds true value?” Stephan Pezdek, the regional freight planning manager at the Port Authority of New York and New Jersey, which is operating the pilot, wrote in an email to WIRED. (The Port Authority declined to name the health care system for contractual reasons.) “Will deliveries make it to their destination faster and within the financial constraints of the current carriers they are using? Will the community appreciate the work and not feel like it is a disruption? All of this will inform our understanding of how the first corridor shapes up.”
The Port Authority, which is also working with the New York City Economic Development Corporation (NYCDEC) on this drone project, will also measure how the deliveries affect patient care, Pezdek says.
Globally, drone delivery is still in an experimental phase. What projects do exist mostly focus on carrying cargo to rural or suburban areas, where gaps in road networks and services, plus emptier skies, could make the tech a better fit. Skyports has been delivering mail in remote areas of Scotland since 2023, and carrying cargo to offshore wind turbines in Germany. The US company Zipline says it makes deliveries to and from some 5,000 health facilities across four continents; its oldest program delivers vaccines and blood products in Rwanda. In the US, companies including Alphabet’s Wing and Amazon’s Prime Air are working to expand delivery services across the South, with a focus on the suburban areas surrounding Houston, Austin, and Dallas, Texas.
For drones, dense cities present different challenges. First, there’s the safety question. New York City’s airspace is packed, hosting three international airports. In Manhattan alone, there are three publicly owned heliports. In May 2023, nearly 9,000 helicopter flights took place over city land or water, according to data compiled by the New York City Council. This drone pilot program’s start date was pushed back in part because another experimental aviation tech, an electric vertical takeoff and landing (eVTOL) vehicle, was demo-ing its own first-of-its-kind flights out of the same heliport.
That citified hustle and bustle leads to extra precautions. The pilot project was, as standard, approved by the US Federal Aviation Administration, which requires a certified drone pilot to supervise every flight. Each flight will take place over a fixed route away from residential buildings. The project must obtain a weekly NYPD permit to operate, and delays in acquiring the first one also led the city to push back its start date, says Amanda Kwan, a spokesperson for the Port Authority. The agency also spoke with three local community boards before it allowed the drones to take off.
Anthropic’s Claude Mythos Preview found thousands of zero-day vulnerabilities across major operating systems and browsers, prompting the Fed chair and Treasury secretary to convene bank CEOs. The company warns of a six-to-twelve month window before adversaries replicate the capability.
TL;DR
Anthropic built an AI model that found thousands of zero-day vulnerabilities in every major operating system and web browser. The Federal Reserve chair and the Treasury secretary called bank CEOs to discuss it. The company says there is a six-to-twelve month window to patch the flaws before adversaries build models that can do the same thing. The cybersecurity industry says the threat was already here. Both are right.
Claude Mythos Preview is the model. It is not yet publicly released. In controlled testing, it surpassed all but the most skilled humans at finding and exploiting software vulnerabilities, identifying flaws that had existed undetected for decades, including a 27-year-old bug in OpenBSD and a 17-year-old remote code execution flaw in FreeBSD. Anthropic CEO Dario Amodei described the current period as a “moment of danger” and warned of “some enormous increase in the amount of vulnerabilities, in the amount of breaches, in the financial damage that’s done from ransomware on schools, hospitals, not to mention banks.”
Mozilla released Firefox 150 with fixes for 271 security vulnerabilities identified by Mythos in a single evaluation pass. The number is striking not because Firefox is unusually insecure but because no human team had found them. The vulnerabilities had accumulated across years of development, each one a potential entry point for an attacker with the right tools. Mythos found all 271 in one run.
The 💜 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!
The model’s capability raises a question that the cybersecurity industry has been theorising about for years and now must answer practically: what happens when the cost of finding vulnerabilities drops to near zero? The traditional economics of cybersecurity depend on the asymmetry between attackers, who must find one flaw, and defenders, who must secure all of them. Mythos collapses the cost on both sides. Defenders can now scan their entire codebase for flaws they never knew existed. Attackers, once they build or obtain equivalent models, can do the same.
Anthropic chose a controlled rollout, which it calls Project Glasswing. Approximately 40 technology companies and institutions have initial access to Mythos to bolster their systems. The list does not include most central banks and governments. The asymmetry is intentional: give defenders a head start before the capability becomes widely available.
The response from financial regulators was immediate. Federal Reserve Chairman Jerome Powell and Treasury Secretary Scott Bessent convened a meeting with major US bank CEOs to discuss the cyber risks raised by Mythos. The IMF flagged AI-powered cyber threats to the global banking system. The concern is not that Mythos itself will be used to attack banks. It is that the capability Mythos demonstrates, automated discovery of vulnerabilities at superhuman speed, will be replicated by adversaries who are not bound by Anthropic’s responsible disclosure practices.
Anthropic shipped financial services agents the day after announcing its 1.5 billion dollar Wall Street joint venture, a sequence that illustrates the company’s dual positioning: it is simultaneously the entity warning banks about AI-powered cyber threats and the entity selling AI products to banks. The joint venture with Blackstone and Hellman and Friedman is anchored at approximately 300 million dollars from Anthropic and will deploy AI across private equity operations.
Amodei’s six-to-twelve month window is a prediction about how long it will take Chinese AI companies to build models with equivalent vulnerability-discovery capabilities. The window is not about whether adversaries will develop the capability. It is about when. The controlled rollout of Mythos is designed to give the companies that receive early access enough time to patch their most critical flaws before the window closes.
OpenAI released GPT-5.4-Cyber for vetted security teams, scaling its Trusted Access programme in direct response to the Mythos disclosure. The competitive dynamic between Anthropic and OpenAI has extended from commercial AI products into cybersecurity, with both companies positioning themselves as defenders of the software infrastructure their own models could be used to compromise.
Researchers have already demonstrated that AI agents from Anthropic, Google, and Microsoft can be hijacked via prompt injection to steal API keys and tokens, and all three vendors paid bounties but skipped public disclosure. The irony is precise: the AI agents that companies deploy to improve security are themselves vulnerable to attacks that could compromise the systems they are meant to protect.
The cybersecurity community’s response to the Mythos disclosure has been a mixture of alarm and scepticism. Security researchers note that AI-assisted vulnerability discovery has been developing for years and that the capabilities Mythos demonstrates, while impressive in scale, are an acceleration of existing trends rather than a discontinuous leap. The threat of AI-powered cyberattacks was identified by the UK’s National Cyber Security Centre more than a year ago. What Mythos changes is not the existence of the threat but the specificity of the evidence.
Anthropic occupies an unusual position. It is a company whose business model depends on selling AI capabilities to enterprises, including banks, while simultaneously arguing that AI capabilities of the kind it is developing pose an existential threat to the cybersecurity of those same enterprises. The resolution of the contradiction is commercial: Anthropic’s pitch is that you need its AI to defend against AI of the kind it builds. The logic is circular but the threat is real.
The 271 Firefox vulnerabilities were real. The 27-year-old OpenBSD bug was real. The meeting between the Fed chair and bank CEOs was real. The question is not whether AI will transform cybersecurity. The question is whether the six-to-twelve months Amodei describes is enough time to patch decades of accumulated vulnerabilities across every operating system, browser, and financial platform in production, or whether the window is an estimate designed to create urgency for a problem that cannot be solved on any timeline. Mythos found the flaws. Fixing them is a human problem.
In modern datacenters, storage can live anywhere — local to the machine, remotely accessed over the network, and/or shared between systems.
The next generation of servers will treat system memory in much the same way. Systems will still have some local DDR5, but the bulk of it will be remotely accessed from what some have taken to calling the memory godbox.
The ongoing DRAM shortage has created a perfect storm for the proliferation of the appliances, which not only allow for memory to be pooled, but also data stored in that memory to be shared by multiple machines simultaneously. In effect, memory becomes a fungible resource.
More importantly, your next round of servers will probably support the tech, if they don’t already.
The technology at the heart of these memory godboxes isn’t new. Compute Express Link (CXL) has been slowly gaining traction since its introduction seven years ago.
As a quick refresher, CXL defines a common, cache-coherent interface for connecting CPUs, memory, accelerators, and other peripherals.
The technology comes in a couple of different flavors: CXL.mem, CXL.cache, and CXL.io, which, as a whole, have implications for disaggregated compute. Imagine a rack with a CPU node, GPU node, memory node, and storage node, which can talk to one another completely independently. That’s the core idea behind CXL.
CXL piggybacks off the PCIe standard, which means in theory it should be broadly compatible, but, up to this point, it’s primarily been used with memory devices.
The 1.0 spec opened the door to memory expansion modules, which allow you to add more memory by slotting them into a CXL-compatible PCIe slot. To the operating system — assuming you’re running Linux that is — the extra memory is largely transparent, showing up as if it were attached to another CPU socket, just one without any additional compute.
The 2.0 spec, which showed up in 2020, added basic support for switching, which meant memory could be pooled and then allocated to any number of connected systems.
AMD and Intel’s current crop of Epycs and Xeons already support these appliances. But while the memory can be partitioned and reallocated to different machines as needed, two machines can’t work on the same data simultaneously.
Unless you were memory-constrained, the added complexity of CXL 2.0 didn’t offer much benefit over simply using higher capacity DIMMs in the first place.
At least, not until memory prices went through the roof.
Where things really get interesting is when the 3.0 spec arrives in AMD and Intel’s next-generation of Epycs and Xeons. In fact, from what we understand, Amazon’s Graviton5 CPUs we looked at in December already support the spec.
CXL 3.0 introduces two key capabilities that make it particularly interesting for memory appliances. The first is support for larger topologies: Multiple CXL switches can be stitched together into a fabric. The second is support for memory sharing: Rather than partitioning memory into slices only accessible to one machine at a time, memory can be shared between machines.
In theory this could allow two machines running the same set of workloads to use the memory closer to that of one. It’s a bit like deduplication for memory. In fact, we already do this in virtualized environments like KVM, but it now works across machines.
There are security and performance implications to all of this. Thankfully in CXL 3.1 and later, the consortium introduced confidential computing capabilities into the spec, allowing for isolation where necessary.
On the performance end of things, CXL 3.0 moves to PCIe 6.0 as a baseline, which provides 16 GB/s of bidirectional bandwidth per lane. Assuming 64 lanes of CXL per CPU, that works out to an additional 512 GB/s of bandwidth. So memory bandwidth shouldn’t be too much of an issue for most applications. Latency, on the other hand, is a different story.
CXL-attached memory is going to add some latency. However, as we’ve previously discussed, the latency isn’t as bad as you’re probably thinking — on the order of a NUMA hop, or about 170 to 250 nanoseconds of round trip latency. Obviously, the farther the memory appliance is from the host CPU, the worse the latency is going to be.
Late last year, the CXL consortium ratified the 4.0 spec, which among other things doubles the bandwidth from 16 GB/s per lane to 32 GB/s by re-basing on PCIe 7.0. However, it’ll be a while before we see appliances based on the spec.
There are several companies developing hardware for these kinds of networked memory appliances.
Panmnesia’s CXL 3.2-compatible PanSwitch is one of the most sophisticated examples. The switch features 256 lanes of connectivity for CXL memory modules, devices, or CPUs to connect, pool, or share resources.
If you’re okay with memory pooling and don’t need the niceties of CXL 3.0, then there are already several memory appliances available that are compatible with the latest generation of Xeon 6 and Epyc Turin processors.
Liqid’s composable memory platform, for example, can provide a pool of up to 100 TB of DDR5 to as many as 32 hosts. Meanwhile, UnifabriX Max systems provide CXL 1.1 or 2.0 connectivity to 16 or more systems with support for CXL 3.2 already in the works.
We suspect that as more CXL 3.0 compatible CPUs and GPUs hit the market, more of these memory godboxes will appear.
Don’t get too excited. While network attached memory has the potential to reduce an enterprise’s infrastructure spend, those same qualities make it attractive for the very thing driving the memory shortage in the first place.
AI adoption has driven demand for DRAM off the charts. In addition to the HBM used by GPUs, DDR5 is being used for key value cache offload during inference.
These KV caches store model state and can chew significant amounts of memory — often more than the model itself — in multi-tenant serving scenarios.
Rather than discard these caches and recompile them when the model state is restored, it’s more efficient to offload them to system memory and eventually flash storage.
The problem with using flash storage is that it has a finite write endurance. After a while it wears out. Instead, CXL memory vendors are positioning the tech as a more resilient alternative.
That’s bad news for enterprises looking to these memory godboxes for salvation from the RAMpocalypse. ®
The story is part of a BBC report into people who experienced delusions while using AI. They are men and women from their 20s to 50s from six different countries, using a wide range of AI models.
Read Entire Article
Source link
Designer Matty Benedetto of Unnecessary Inventions runs a studio in Vermont where he makes contraptions to tackle problems that no one has ever asked about. His most recent project mixes two known elements to create something new, which has the potential to change how teams handle lengthy discussions around a table. He transformed conventional office chairs into a full seesaw that rocks up and down while spinning in a complete circle.
Benedetto started simple by collecting a couple of worn-out office chairs from storage. He wanted seats that everyone was familiar with, so no one felt out of place when they sat down. A simple test compared the wheels on each base to determine which pair rolled and slid the best across a floor. These results allowed him to choose the right parts without guesswork. He then gently separated the chairs, keeping the seats and center supports intact. A small 3D printed model allowed him to see how the elements would connect and move together. The initial chair bases already spun freely in all directions, so he retained that motion for the finished form. He then designed a bespoke bracket to connect everything at the midway point.
Sale
Ball bearings in the new bracket provided smooth, effortless seesaw movement as needed. He assessed the distances and opted on chairs spaced ten feet apart along a robust metal tube that cost him $100. That tube served as the main beam, measuring a solid 5 feet square to maintain equilibrium. A simple hex bolt held the tube in place and prevented it from slipping around during operation. The early brackets he created on his 3D printer were ideal for brief test runs, but they were too flimsy for real-world use. So he bought some CNC machined aluminum replacements and gave them a lovely bead blast finish with a layer of black anodizing to clean up the lines and make them more durable. These new pieces were high-quality, solidly constructed, and arrived with an aura of precision, so assembly seemed substantial right away.
Drilling guide holes in those printed copies ensured that everything fit together seamlessly. He inserted the machined brackets directly into the chair bases after a test run revealed that individual seat rotations were producing much too much wobbling. By removing the extra spin and lowering the overall height, he created a more stable configuration that let people to securely climb on and off. The new design secured the chairs in place, but the middle pivot allowed the entire seesaw to glide smoothly up and down and spin freely. When two people of nearly equal size sat down, equilibrium just happened. Benedetto persuaded his friend to accompany him on his first official test run.
They climbed to the opposite ends and adjusted their weight to see how it worked. The beam went up and down smoothly, while the base turned the entire seesaw in wonderful huge circles. In one humorous run, they pretended to be an office staff disputing deadlines over a stack of paperwork, but the soft, steady motion kept the mood light and enjoyable. The finished design measured ten feet long and was low enough to fit between two normal desks in a shared workspace. The chairs are linked beneath the worktable, allowing users to lean forward and type or write without having to climb off. After many test sessions, the bearings have demonstrated their ability to tolerate frequent rocking without making a noise or sticking, while remaining lovely and smooth.
Arjan Brussee, best known as a co-founder of Guerrilla Games and a former global director of product management for Unreal Engine at Epic Games, says he’s developing a new platform called The Immense Engine. The idea, as he describes it, is to create an alternative to the dominant engines that…
Read Entire Article
Source link
Google launched the 99 dollar screenless Fitbit Air and a 9.99 dollar per month Gemini-powered AI health coach. One day later, Whoop responded by adding on-demand video consultations with licensed clinicians to its app.
TL;DR
Google launched a 99 dollar screenless fitness tracker and a 9.99 dollar per month AI health coach powered by Gemini. One day later, Whoop announced that it would add on-demand video consultations with licensed clinicians to its app. Google is betting that artificial intelligence can interpret your health data. Whoop is betting that you still need a doctor. The US Food and Drug Administration, which relaxed its oversight of both AI health tools and consumer wearables in January, is betting that neither needs much regulation.
The sequence is not a coincidence. It is a philosophical split in the wearable health industry, articulated in product announcements issued 24 hours apart. The question both companies are answering is the same: what should happen after the sensor on your wrist collects the data? Google’s answer is an AI chatbot. Whoop’s answer is a human with a medical licence. The market will decide which one people trust with their bodies.
The Fitbit Air is a screenless band that costs 99 dollars. It is the smallest Fitbit ever made. It tracks heart rate, heart rate variability, SpO2, sleep stages, and activity continuously, with a battery life of approximately one week. It has no display. All data is accessed through the new Google Health app, which replaces the Fitbit app on 19 May.
The device ships on 26 May with a three-month free trial of Google Health Premium, which costs 9.99 dollars per month or 99 dollars per year. The premium tier includes the Google Health Coach, an AI assistant built on Gemini that generates personalised workout plans, interprets sleep trends, summarises health records, and answers questions about a user’s fitness and medical data.
Google’s strategy is not to sell hardware. It is to sell the AI layer on top of the data. The Google Health app is designed to be wearable-agnostic, with planned support for Apple Watch, Oura, and Garmin devices later this year. The Fitbit Air is the entry point, not the destination. Google wants to be the intelligence that sits between every wearable sensor and every health decision, regardless of which device collected the data.
Whoop’s announcement arrived on 8 May, exactly one day after Google’s. The company will offer on-demand video consultations with licensed clinicians through its app for users in the United States, launching this summer. The consultations begin with a review of the user’s continuous biometric data collected by the Whoop band. If the user has synced blood work or medical history through HealthEx, an electronic health records integration that Whoop is also launching, that information is included.
The distinction from Google’s approach is deliberate. A clinician can ask follow-up questions, identify patterns that require context a chatbot does not have, and carry the professional accountability that comes with a medical licence. An AI coach can tell you your heart rate variability is trending down. A doctor can tell you why.
Blossom Health raised 20 million dollars to put AI copilots alongside psychiatrists, a model that treats AI as support for clinicians rather than a replacement for them. Whoop is applying the same logic to wearable health data: the AI processes the numbers, but a human makes the call.
Will Ahmed, Whoop’s founder and chief executive, posted an image on X of a Whoop circuit board with the words “Don’t bother copying us, we will win” engraved on it. The message was originally aimed at Amazon, which launched and subsequently killed the Halo fitness band. It now reads as a response to a company with considerably more resources than Amazon’s wearables division.
Whoop raised 575 million dollars in March 2026 at a valuation of 10.1 billion dollars, with investors including the Qatar Investment Authority, Mubadala, Abbott, and the Mayo Clinic. The company reported 1.1 billion dollars in annualised revenue in 2025, up 103 per cent year over year, and said it was cash-flow positive. It has more than 2.5 million members.
Whoop’s subscription costs between 199 and 359 dollars per year depending on the tier. Google Health Premium costs 99 dollars per year. The Fitbit Air costs 99 dollars. A year of Fitbit Air plus Google Health Premium costs less than a year of Whoop’s cheapest plan. The clinician consultations that Whoop is adding will cost extra, with pricing not yet announced.
The price gap frames the competitive question. Google is offering AI health coaching at a price point that undercuts Whoop’s subscription by more than half. Whoop is offering human medical consultations at a price that will push its total cost higher. One company is driving the cost of health guidance toward zero. The other is arguing that the value of a human clinician justifies a premium. Both positions are coherent. Neither has been tested at scale in the wearable market.
ChatGPT Health launched in January 2026, connecting Apple Health data to OpenAI’s models. Microsoft followed a week later with Copilot Health. Perplexity launched Perplexity Health, pulling together electronic health records, wearable data, and lab results into a single AI-powered dashboard. Amazon opened its Health AI to all US customers, backed by its One Medical clinical network and pharmacy.
Every major AI platform now has a health product. The wearable data that Fitbit, Whoop, Apple Watch, and Oura collect has become the input for a competition between AI models, each promising to turn continuous biometric monitoring into personalised health advice. The differentiation is not in the data. Heart rate, sleep stages, and SpO2 are measured by every device on the market. The differentiation is in what happens next.
Corti’s Symphony AI outperformed models from OpenAI and Anthropic on medical coding benchmarks, demonstrating that specialised health AI can exceed general-purpose models on clinical tasks. The implication for the wearable market is that the AI interpreting your health data may matter more than the sensor collecting it. Google is building that AI into a consumer subscription. Whoop is routing around it to a human.
In January 2026, the FDA updated two guidance documents that collectively loosened oversight of both consumer wearables and AI-enabled health tools. The General Wellness Guidance clarified that low-risk wellness devices using optical sensing to estimate physiological parameters, which describes every screenless fitness tracker on the market, can be sold without premarket review as long as they make wellness claims rather than clinical ones. The Clinical Decision Support Guidance softened the agency’s approach to AI tools that help users navigate diagnoses and health decisions.
The regulatory shift creates space for both Google and Whoop. Google’s AI health coach can offer personalised guidance without triggering medical device classification, provided it frames its outputs as wellness advice. Whoop’s clinician consultations operate under existing telemedicine frameworks. The FDA’s position is that neither the AI chatbot nor the wearable sensor requires the level of scrutiny applied to medical devices, as long as neither claims to diagnose or treat disease.
The gap between what these products do and what they claim to do is where the regulatory question lives. An AI coach that tells a user their recovery score suggests they should rest is wellness advice. An AI coach that tells a user their heart rate variability pattern is consistent with early atrial fibrillation is a clinical claim. The line between the two is a sentence, and the incentive to cross it increases with every subscription dollar at stake.
Google built a 99 dollar tracker and a 9.99 dollar AI coach. Whoop is adding doctors to an app attached to a 10 billion dollar company. The FDA says both are fine. The user strapping a screenless band to their wrist and asking what their data means will not be choosing between two products. They will be choosing between two theories of what health data is for: a prompt for an algorithm, or a conversation with a person who went to medical school.
HarrisX Poll Found 52% of Registered Voters Support the CLARITY Act
Upbit adds B3 Korean won pair as Base token gains Korea access
Weekend Open Thread: Marianne Dress
Image AI models now drive app growth, beating chatbot upgrades
NCP car park operator enters administration putting 340 UK sites at risk of closure
Ignore market noise, India’s long-term story intact, say D-Street bulls Ramesh Damani and Sunil Singhania
Politics Home Article | Starmer Enters The Danger Zone
Olivia Wilde Reacts To Viral ‘Corpse’ Comparison
Inter Milan Win Serie A Title After Victory Over Parma
La Liga: Vinicius Jr scores twice as Real Madrid win to keep Barcelona waiting for title
UAE Free Zone Deploys Blockchain IDs to Verify Registered Firms
Every word of Arne Slot’s heated rant after Manchester United win vs Liverpool
Joel Embiid urges Sixers fans not to sell playoff tickets to Knicks fans
2026 NHL playoff picks: Second-round predictions, series odds, Stanley Cup bracket
Jennifer Lawrence’s Mary Jane Sneakers Are Spring’s It-Girl Shoe
Moroccan Reacts To Nick Cannon’s Dating Rules For His Sister
BlackRock CEO Larry Fink Discusses a New Asset Class
Robinhood says Wall Street is building onchain
Kylie Jenner and Timothee Chalamet Hold Hands in NYC Outing
Post Malone Delays Tour With Jelly Roll Amid Ongoing Backlash
You must be logged in to post a comment Login